Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • active scan is waiting

    Hi, I am working on extension that will send the url to do active scan. I noticed the urls I sent are all in "waiting" and need me to manually click "resume". Is there a way to make it scan without manual intervention? Thanks

    4 Agent Answers    4 Community Answers
    Jan 26, 2017 08:07PM UTC
  • registerSessionHandlingAction throwing errors

    Whenever I try to load callbacks.registerSessionHandlingAction(self) I get errors. I've seen other posts which are similar to mine, where Dafydd is able to run the extension without errors. (https://support.portswigger.net/customer/portal/questions/12695799-adding-a-header-with-isessionhandlingaction) I just want to inject a custom header. Here is my code: from burp import IBurpExtender ...

    1 Agent Answer    2 Community Answers
    Jan 26, 2017 05:31PM UTC
  • auto scan pre-populated site map

    Hi, I have built a site map for a host that I am interested. I would like to scan this site map automatically (without spidering it before scanning) I am thinking to build an extender that will do following: (1) start burp with extension loaded and site map loaded (2) get pre-populated site map, for each url, send to active scan (3) start active scan for those urls (4) generate scan rep...

    2 Agent Answers    1 Community Answer
    Jan 25, 2017 06:03PM UTC
  • jruby SSLSocket error

    I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using HTTPS: ["org/jruby/ext/openssl/SSLSocket.java:215:in `connect'", "/Users/aaron/Downloads/jruby-complete-1.7.26.jar!/META-INF/jruby.home/lib/ruby/1.9/net/http.rb:800:i...

    1 Agent Answer    2 Community Answers
    Jan 25, 2017 08:42AM UTC
  • loadExtensionSetting() does not see extension options any more

    I was using callbacks.loadExtensionSetting() to load my extension settings from config file. In json it looked like: { "user_options":{ ... "extender":{ "extensions":[ { "errors":"console", "extension_file":"/path/to/my/ext/burp-XXXX-SNAPSHOT.jar"...

    2 Agent Answers    0 Community Answer
    Jan 24, 2017 05:24PM UTC
  • IntelliJ Idea not resolve burp suite class

    I`m create in Idea java project, save burp interface file into project but IDE no resolve burp classes. I`m know that is question about specific IDE, but I search best way to write extension. Folder structure . ├── src │   ├── burp │   │   └── burp │   │   ├── IBurpCollaboratorClientContext.java │   │   ├── IBurpCollaboratorInteraction.java │   │   ├── [.......] │   │   ...

    1 Agent Answer    1 Community Answer
    Jan 23, 2017 08:47AM UTC
  • IHttpRequestResponse.setMessage() does not update Proxy History automatically

    If I call setMessage on a IHttpRequestResponse instance, it does not update the Proxy History window automatically. However, if I force a redraw (for example by clicking on the item), the new comment appears, so it seems that the underlying object model gets updated by my call, it's just that it doesn't invalidate the already drawn view. I tried this with Burp Suite Pro v1.7.16 on Deb...

    0 Community Answer
    Jan 20, 2017 10:36AM UTC
  • Passive Scanning of Active Scan Results

    In Extensions, do passive scan checks (implementing IScannerCheck.doPassiveScan) automatically get applied to all responses of active scans as well? Or is passive scanning only done for the initial request/response and ignored thereafter? If you want to run the same checks on active scan responses do you need to explicitly implement IScannerCheck.doActiveScan?

    5 Agent Answers    5 Community Answers
    Jan 18, 2017 07:56PM UTC
  • unexpected makeHttpRequest timeout value

    I'm using IHttpRequestResponse makeHttpRequest(IHttpService httpService, byte[] request) to send a modified request that I got from an IScanIssue. If the target host is down, I get a timeout (return == null) and it takes approximately 26 secs. I don't know how this 26s is calculated since my timeout values are: Normal 120 Open ended: 10 DNS resolution 300 Failed DNS resolution 6...

    1 Agent Answer    0 Community Answer
    Jan 17, 2017 02:48PM UTC
  • xssvalidator instaaltion issue

    Hi, i was installing xssvalidator in Burp suite free edition but i am unable to do it, i am getting the following issue Step1: installed xssvalidator in burp Step2: Downloaded ant & installed it Step3: creating extender .jar Query : Not able to build the jar as the following error is displayed Error: [javac] ^ [javac] /Users/vik...

    1 Agent Answer    0 Community Answer
    Jan 17, 2017 10:39AM UTC